December 3, 2007 8:14 AM PST
Apple QuickTime exploit in the wild
Researcher Joji Hamada wrote in Symantec's Security Response Weblog on Saturday that the company had seen an active exploit for the vulnerability in Apple's media-streaming program that could lead to users downloading Trojan software.
Hamada said the exploit code was found on a compromised porn site that redirects users to a site hosting malicious software called "Downloader." Downloader is a Trojan that causes compromised machines to download other malicious software from the Internet. Symantec rates Downloader as "very low" risk.
No patch is currently available for the vulnerability, which affects QuickTime version 7.x and lies in a boundary error that occurs when QuickTime processes Real Time Streaming Protocol (RTSP) replies.
Symantec is advising concerned IT professionals to run Web browsers at the highest security settings possible, disable Apple QuickTime as a registered RTSP protocol handler, and filter outgoing activity over common RTSP ports, including TCP port 554 and UDP ports 6970-6999.
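As an added illustration (not code from Symantec or from the original article), the sketch below audits firewall log lines for internal hosts reaching external addresses on the RTSP ports named above, which helps confirm an egress filter is holding. The internal network ranges, the iptables-style key=value log layout, and the sample lines are assumptions constructed for the example.

```python
import ipaddress
import re

# Ports named in the advisory text: TCP 554 and UDP 6970-6999.
RTSP_EGRESS = {"TCP": range(554, 555), "UDP": range(6970, 7000)}
# Assumption: these prefixes are the site's internal networks.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
KV = re.compile(r"(\w+)=(\S+)")

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def rtsp_egress_hits(lines):
    """Return (src, dst, proto, dport) for internal-to-external flows on RTSP ports."""
    hits = []
    for line in lines:
        fields = dict(KV.findall(line))
        try:
            proto, dport = fields["PROTO"], int(fields["DPT"])
            src, dst = fields["SRC"], fields["DST"]
            outbound = is_internal(src) and not is_internal(dst)
        except (KeyError, ValueError):
            continue  # record without ports (e.g. ICMP) or malformed line
        if outbound and dport in RTSP_EGRESS.get(proto, ()):
            hits.append((src, dst, proto, dport))
    return hits

# Constructed sample lines; external addresses are documentation ranges.
SAMPLE = [
    "kernel: IN=lan0 OUT=wan0 SRC=10.1.2.30 DST=203.0.113.7 PROTO=TCP SPT=49522 DPT=554",
    "kernel: IN=lan0 OUT=wan0 SRC=10.1.2.30 DST=203.0.113.7 PROTO=UDP SPT=6970 DPT=6971",
    # Internal RTSP (for example a LAN camera) is not egress and is not flagged.
    "kernel: IN=lan0 OUT=lan0 SRC=10.1.2.30 DST=192.168.5.20 PROTO=TCP SPT=49600 DPT=554",
    # UDP 7000 is just outside the 6970-6999 range.
    "kernel: IN=lan0 OUT=wan0 SRC=10.1.2.31 DST=198.51.100.4 PROTO=UDP SPT=40000 DPT=7000",
    "kernel: IN=lan0 OUT=wan0 SRC=10.1.2.31 DST=198.51.100.4 PROTO=TCP SPT=40001 DPT=443",
    "kernel: IN=lan0 OUT=wan0 SRC=10.1.2.32 DST=198.51.100.4 PROTO=ICMP TYPE=8 CODE=0",
]

if __name__ == "__main__":
    for hit in rtsp_egress_hits(SAMPLE):
        print("RTSP egress:", *hit)
```

A hit here means only that RTSP traffic left the network, not that the exploit was delivered; it identifies hosts whose outbound RTSP the filter should have stopped.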
Proof-of-concept code was published when the vulnerability was disclosed by security research company Secunia last week.
Tom Espiner of ZDNet UK reported from London.